WO2016206041A1 - Terminal data protection method and apparatus - Google Patents

Terminal data protection method and apparatus Download PDF

Info

Publication number
WO2016206041A1
WO2016206041A1 PCT/CN2015/082337 CN2015082337W WO2016206041A1 WO 2016206041 A1 WO2016206041 A1 WO 2016206041A1 CN 2015082337 W CN2015082337 W CN 2015082337W WO 2016206041 A1 WO2016206041 A1 WO 2016206041A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
preset
iris feature
human eye
risk
Prior art date
Application number
PCT/CN2015/082337
Other languages
French (fr)
Chinese (zh)
Inventor
黎广
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
Priority to PCT/CN2015/082337 priority Critical patent/WO2016206041A1/en
Publication of WO2016206041A1 publication Critical patent/WO2016206041A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices

Definitions

  • the present invention relates to the field of mobile terminals, and in particular, to a data protection method and apparatus for a terminal.
  • the functions of mobile terminals represented by smart phones are becoming more and more abundant. In addition to the traditional communication functions, they also have functions such as social and online payment.
  • the privacy information of the users on the mobile terminals is easily leaked by the peek of the person next to them, and the privacy information of the users on the terminals has a large security risk.
  • one method is to configure a special screen on the mobile terminal, and when entering a public place, the anti-peeping function is turned on, and at this time, if the line of sight and the mobile terminal are If the angle of the screen exceeds a certain angle, the content on the screen will not be visible.
  • another method is to shoot the mobile terminal.
  • the image of the current environment is subjected to face recognition according to the image of the current environment. If a strange face is found, the user is reminded to pay attention to the protection of personal privacy information.
  • the above two technologies have obvious deficiencies.
  • the first method requires a mobile terminal to configure a special screen, but most mobile terminals have not used such a screen, and this technology is oriented in the front view.
  • the peek has no effect; the second method can only identify strange faces in the image of the current environment of the shooting, and cannot accurately identify whether the stranger is watching the mobile terminal, and the images taken in public are usually Can identify more strange faces, even if the strangers around do not look at the mobile terminal, there will still be a protection reminder, which makes the second method has a higher false positive rate, which affects the user's smoothness to the mobile terminal. Operational use.
  • the embodiment of the invention provides a data protection method and device for a terminal, which can effectively protect the security of the terminal data.
  • An aspect of the present invention provides a data protection method for a terminal, including:
  • the terminal acquires a human eye image of the current environment through the imaging device
  • the terminal executes a preset risk elimination instruction.
  • Another aspect of the present invention provides a data protection device for a terminal, including:
  • An imaging module configured to acquire an image of a human eye of a current environment through an imaging device of the terminal
  • a parsing module configured to obtain human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image
  • a risk detection module configured to detect the human eye analysis information according to a predefined detection rule, and determine whether the terminal has a data leakage risk
  • the risk elimination module is configured to execute a preset risk elimination instruction on the terminal if the data leakage risk exists.
  • the terminal acquires the human eye image of the current environment through the imaging device, obtains human eye analysis information including the iris feature information and the eyeball line of sight information according to the human eye image, and detects the human eye analysis information according to the predefined detection rule. Determine whether the terminal has a risk of data leakage. If there is a risk of data leakage, execute the preset risk elimination instruction.
  • the embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
  • FIG. 1 is a flowchart of a data protection method for a terminal according to an embodiment of the present invention
  • FIG. 2 is a flowchart of another method for data protection of a terminal according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of still another method for data protection of a terminal according to an embodiment of the present disclosure
  • FIG. 4 is a schematic structural diagram of a data protection device of a terminal according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of an embodiment of a parsing module according to an embodiment of the present disclosure
  • FIG. 6 is a schematic structural diagram of an embodiment of a detection module according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of an embodiment of a scenario determining submodule according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of an embodiment of a risk determination sub-module according to an embodiment of the present invention.
  • the terminal may be any one of a smart phone, a tablet computer, a PC (Personal Computer), an e-reader, an MP4 player, and the like.
  • the terminal has a function of acquiring an image of a human eye. .
  • FIG. 1 is a flowchart of a data protection method for a terminal according to an embodiment of the present invention.
  • the method may include steps S101-S104.
  • the terminal acquires a human eye image of a current environment by using an imaging device.
  • the terminal acquires a human eye image of the current environment through the imaging device.
  • the imaging device may be a camera built in the terminal or a human eye detector, or may be a non-built-in device that can be acquired by the terminal, such as a smart camera connected to the terminal via Wi-Fi.
  • the terminal may first acquire an image of the current environment by using an imaging device, and then perform pre-processing on the image, where the pre-processing may include brightness adjustment, denoising, etc., and the image is improved by preprocessing. quality.
  • the pre-processed image is then subjected to face recognition, from which one or more face regions are identified, and then one or more face regions are identified and segmented to obtain one or more human eye images.
  • the human eye image obtained in step S101 is further analyzed, and human eye analysis information is extracted, wherein the human eye analysis information includes iris feature information and eyeball line of sight information, wherein the iris feature information It can be used to identify the identity of the person corresponding to the human eye image, and the eyeball line of sight information can be used to determine whether the line of sight of the corresponding person falls on the current terminal screen.
  • the specific extraction of the human eye analysis information may include the following steps: First, the human eye image is segmented into one or more eye images, and each of the eye images is a human eye.
  • the preset scene recognition rule herein may include multiple implementation manners, such as when a button on the terminal is pressed, or a specific application in the terminal is clicked to cause the terminal to receive a running instruction, the instruction indication
  • the terminal is forced to enter the preset data protection scenario.
  • the terminal can obtain the current geographical location information. If the current geographic location information is displayed in a public place such as a subway, a shopping mall, or a road, the terminal automatically enters a preset data protection scenario. Further, the terminal may determine whether it is in an outgoing time period according to the current time. For example, if the user sets Monday to be an outgoing time period, when the calendar time of the terminal is Monday, the terminal automatically enters a preset data protection scenario.
  • the terminal may first analyze the iris feature information to determine whether the terminal is In a preset data protection scenario. If the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the terminal receives the preset enable command, it is determined that the terminal is in a preset data protection scenario.
  • the preset authorized iris feature library is a pre-stored iris feature value of the authorized user. When the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature library is less than a preset threshold, it means that the currently detected iris The feature information has the iris feature value of the unauthorized user. The user's current environment has detectable strangers.
  • the terminal can pop up a prompt message such as "Detecting strangers near you, your information on the machine may be affected. To the leak, it is recommended that you enter the data protection scene mode. If the user clicks the confirmation button, the terminal receives the preset activation command, and the terminal enters the preset data protection scenario; if the user confirms that it is not necessary to enter the data protection scenario, for example The user can choose not to enter the preset data protection scene when sharing the video on the terminal with the friend.
  • the terminal if the terminal is in a preset data protection scenario, determining whether the terminal has a data leakage risk according to the human eye analysis information. If the matching degree of all the iris feature values in the iris feature information and the preset authorized iris feature database is not less than a preset threshold, it may be considered that there is no unauthorized user in the current environment detectable range, and there is no suspicious voyeur. Determining that the terminal has no data leakage risk; if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and generating the iris image value of the eye image The line of sight deflection value is not within the preset deflection range.
  • the line of sight of the unauthorized user does not fall on the terminal to be protected, that is, the terminal is not sneaked by an unauthorized user. Determining that the terminal does not have a risk of data leakage; if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and generating the eye image of the iris feature value
  • the line of sight deflection value is within a preset deflection range, and the current environment is considered to have not only an unauthorized user but also at least one unauthorized Eyes on household terminal to be protected, the terminal is in a state of being peeping, it is determined that there is the risk of leakage data terminal.
  • the terminal executes a preset risk elimination instruction.
  • the preset risk elimination instruction executed by the terminal may include a push instruction of a preset set of graphic and text information on the terminal, a screen to extinguish the terminal screen, or a screen control instruction for reducing the brightness of the terminal screen, at the terminal. Playing a preset voice file playback command and making the terminal body The motor control command that generates the regular vibration, by executing the preset risk elimination instruction, eliminates the risk of data leakage as much as possible, and achieves the purpose of protecting the data security of the terminal.
  • the terminal acquires a human eye image of the current environment through the imaging device, obtains human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image, and performs human eye analysis information according to a predefined detection rule.
  • the detection determines whether the terminal has a risk of data leakage. If there is a risk of data leakage, the preset risk elimination instruction is executed.
  • the embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
  • FIG. 2 is a flowchart of another method for data protection of a terminal according to an embodiment of the present invention.
  • the method may include steps S201-S208.
  • the terminal acquires a human eye image of the current environment through the imaging device.
  • the terminal when the terminal is woken up by unlocking, or enters the unlocking interface of the terminal, the terminal acquires a human eye image of the current environment through the imaging device.
  • the imaging device may be a camera built in the terminal or a human eye detector, or may be a non-built-in device that can be acquired by the terminal, such as a smart camera connected to the terminal via Wi-Fi.
  • An example for reference is that the smartphone scans the current environment through the built-in human eye detector to obtain a human eye image of the current environment.
  • the terminal may first acquire an image of the current environment by using an imaging device, and then perform pre-processing on the image, where the pre-processing may include brightness adjustment, denoising, etc., and the image is improved by preprocessing. quality.
  • the pre-processed image is then subjected to face recognition, from which one or more face regions are identified, and then one or more face regions are identified and segmented to obtain one or more human eye images.
  • the smart phone takes a picture of the current environment through the built-in camera, and obtains image A.
  • Image A is preprocessed and converted into image B, and face B is image-recognized, and a total of three face regions are obtained, namely F1, F2 and F3, the three face regions are separately identified and segmented, and three human eye images are obtained, namely E1, E2 and E3.
  • the human eye image is segmented into one or more eye images, and each of the eye images is an image including one human eye.
  • each human eye image may contain one human eye or two human eyes.
  • an image of the eye containing only one human eye is segmented from each human eye image.
  • the above-mentioned three human eye images in step S201 are segmented, and SE1, SE2, and SE3, SE4, and SE5 are separated from E1, E2, and E3, and the SE1 to SE5 are all eyes including only one human eye. Part image.
  • S203 Perform an iris recognition algorithm on each of the eye images to obtain an iris feature value of the image of the eye.
  • the obtained eye images are analyzed one by one, and the iris feature values are extracted therefrom.
  • the eye image includes an image detail of a complete human eye, and an iris recognition algorithm is performed on each eye image, and the iris recognition algorithm may be executed on a general-purpose central processing unit of the terminal, or may be performed on the terminal.
  • a dedicated iris recognition chip is implemented. All eye images are processed by the iris recognition algorithm to obtain one or more iris feature values, and each iris feature value is a detailed feature of spots, filaments, crowns, stripes, crypts, etc. interlaced in an iris. Mathematical description. Taking the eye image obtained in step S202 as an example, SE1 to SE5 are processed by the iris recognition algorithm to obtain corresponding iris feature values ht1 to ht5.
  • the eye image includes details of the eyeball, the cornea, the pupil, and the like in addition to the iris.
  • the line of sight direction of a complete eye image can be detected, and the line-of-sight deflection value of the eyeball and the terminal screen in each eye image is calculated by combining the three-dimensional imaging calculation model. It is an angle value, and the reference coordinate system used is a spatial three-dimensional coordinate system whose origin is the center of the visible area on the terminal screen.
  • SE1 to SE5 are processed by the line-of-sight direction detection algorithm to obtain corresponding line-of-sight deflection values sp1 to sp5.
  • all of the iris feature values and the line-of-sight deflection values obtained in steps S203 and S204 are combined as human eye analysis information.
  • the preset authorized iris feature library is composed of iris feature values of one or more authorized users, and the iris feature value in the iris feature information is matched with the authorized iris feature library. If there is one or more iris feature values in the iris feature information and the authorized iris feature library does not satisfy the matching condition, that is, the matching degree of the matching operation is less than the preset threshold, it is considered that the current environment has an unauthorized user, and the terminal may pop up a corresponding prompt.
  • Information asking the user if they need to enter a preset data protection scenario to further protect the data on the terminal. For example, the terminal can pop up a prompt message such as "Detecting strangers near you, your information on this machine may be leaked. It is recommended that you enter the data protection scene mode.” If the user clicks the confirmation button, the terminal receives Go to the preset enable command and make sure to enter the preset data protection scene.
  • the iris feature value in the iris feature information is matched with the preset authorized iris feature library one by one, if all the iris feature information
  • the matching degree between the iris feature value and the preset authorized iris feature database is not less than a preset threshold. It can be considered that there is no unauthorized user in the current environment detectable range, and there is no suspicious voyeur, and the terminal is determined to have no data leakage risk.
  • the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature library is less than a preset threshold, and the line-of-sight deflection value of the eye image generating the iris feature value is not preset Within the deflection range, it can be considered that although there is an unauthorized user in the current environment, the line of sight of the unauthorized user does not fall on the terminal to be protected, that is, the terminal is not sneaked by the unauthorized user, and it is determined that the terminal does not have data leakage.
  • the terminal is in a state of being peeked, and it is determined that the terminal has a risk of data leakage.
  • the matching operation result with the preset authorized iris feature database shows that JX4 and JX5 correspond to the smart phone.
  • the result of the analysis of the eye image of the two eyes of the authorized user, and JX1, JX2 and JX3 are the result of the analysis of the eye image of the unauthorized user, and the line-of-sight deflection values sp1 and sp3 of JX1 and JX3 are not within the preset deflection range.
  • the line of sight deflection value sp2 of JX2 is within the preset deflection range, it can be confirmed that the eye in the eye image SE2 is looking at the terminal screen, and the terminal has a risk of data leakage.
  • the terminal executes a preset risk elimination instruction.
  • the preset risk elimination instruction executed by the terminal may include a push instruction of a preset set of graphic and text information on the terminal, a screen to extinguish the terminal screen, or a screen control instruction for reducing the brightness of the terminal screen, at the terminal.
  • the play command for playing the preset voice file and the motor control command for causing the terminal body to generate regular vibrations can eliminate the risk of data leakage as much as possible by performing the preset risk elimination instruction, thereby achieving the purpose of protecting the data security of the terminal.
  • the terminal first executes a push command, pushes information on the screen to remind the user, and then executes a screen control command to extinguish the terminal screen.
  • the terminal acquires a human eye image of the current environment through the imaging device, and obtains human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image, if the iris feature value in the iris feature information is The matching degree of the preset authorized iris feature library is less than the preset threshold, and the terminal receives the preset enable command, and determines that the terminal is in the preset data protection scenario.
  • the human eye analysis information determines whether the terminal has a data leakage risk, and if there is a data leakage risk, the preset risk elimination instruction is executed.
  • the embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
  • FIG. 3 is a flowchart of still another method for data protection of a terminal according to an embodiment of the present invention.
  • the method may include steps S301-S308.
  • the terminal acquires a human eye image of a current environment by using an imaging device.
  • the human eye image is segmented into one or more eye images, and each of the eye images is an image including one human eye.
  • the terminal If the terminal is in a preset data protection scenario, determine, according to the human eye analysis information, whether the terminal has a data leakage risk.
  • the terminal executes a preset risk elimination instruction.
  • steps S301-S305 and S307-S308 in the embodiment of the present invention refer to steps S201-S205 and S207-S208 of the method shown in FIG. 2, and details are not described herein.
  • Step S206 is described in detail in step S206.
  • step S306 when the terminal receives the preset forced enable command, for example, when a preset button on the terminal is pressed, or clicks on a specific one of the terminals
  • the application causes the terminal to receive a running command, which instructs the terminal to forcibly enter a preset data protection scenario.
  • the terminal can obtain the current geographical location information. If the current geographic location is a public place such as a subway, a shopping mall, or a road, the terminal automatically enters a preset data protection scenario. Further, the terminal may determine whether it is in an outgoing time period according to the current time. For example, if the user sets Monday to be an outgoing time period, when the calendar time of the terminal is Monday, the terminal automatically enters a preset data protection scenario.
  • the terminal acquires the human eye image of the current environment through the imaging device, and obtains the human eye analysis information including the iris feature information and the eyeball line of sight information according to the human eye image, and if the terminal receives the preset forced activation command, Determining whether the terminal is in a preset data protection scenario.
  • the terminal is in a preset data protection scenario, determining whether the terminal has a data leakage risk according to the human eye analysis information, and if there is a data leakage risk, executing the preset Risk elimination instructions.
  • the embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
  • FIG. 4 is a schematic structural diagram of a data protection apparatus for a terminal according to an embodiment of the present invention.
  • the apparatus includes: an imaging module 401, a parsing module 402, a risk detecting module 403, and a risk.
  • the module 404 is eliminated.
  • the imaging module 401 is configured to acquire an image of a human eye of a current environment by using an imaging device of the terminal.
  • the parsing module 402 is configured to obtain human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image.
  • the risk detection module 403 is configured to detect the human eye analysis information according to a predefined detection rule, and determine whether the terminal has a data leakage risk.
  • the risk elimination module 404 is configured to execute a preset risk elimination instruction on the terminal if the data leakage risk exists.
  • the specific functions of the imaging module 401 to the risk elimination module 404 can be respectively referred to steps S101 to S104 shown in FIG. 1 , and details are not described herein.
  • the parsing module 402 may include a splitting unit 4021, an iris recognizing unit 4022, a line of sight recognizing unit 4023, and an information combining unit 4024.
  • the dividing unit 4021 is configured to divide the human eye image into one or more eye images, and each of the eye images is an image including one human eye.
  • the iris recognition unit 4022 is configured to perform an iris recognition algorithm on each of the eye images to obtain an iris feature value of the image of the eye.
  • the line-of-sight identifying unit 4023 is configured to perform a line-of-sight direction detecting algorithm on each of the eye images to obtain a line-of-sight deflection value of the image of the eye.
  • the information combining unit 4024 is configured to obtain human eye analysis information including iris feature information and eyeball line of sight information according to the iris feature value and the line of sight deflection value of all the eye images, wherein the iris feature information includes all the eye images An iris feature value, the eyeball line of sight information comprising a line of sight deflection value for all of the eye images.
  • splitting unit 4021 For the specific functions of the splitting unit 4021 to the information combining unit 4024, refer to steps S202 to S205 shown in FIG. 2, and details are not described herein.
  • the risk detection module 403 may include a scenario determination submodule 4031 and a risk determination submodule 4032.
  • the scene determining sub-module 4031 is configured to analyze the iris feature information according to a preset scene recognition rule to determine whether the terminal is in a preset data protection scenario.
  • the scene determining sub-module 4031 may include a first scene determining unit 40311 and a second scene determining unit 40312.
  • the first scene determining unit 40311 is configured to determine, if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the terminal receives the preset enable command The terminal is in a preset data protection scenario.
  • the second scenario determining unit 40312 is configured to determine that the terminal is in a preset data protection scenario if the terminal receives the preset mandatory enable command.
  • first scene determining unit 40311 and the second scene determining unit 40312 can be respectively referred to step S206 shown in FIG. 2 and step S306 shown in FIG. 3, and details are not described herein.
  • the risk determination sub-module 4032 is configured to determine, according to the human eye analysis information, whether the terminal has a data leakage risk if the terminal is in a preset data protection scenario.
  • the structure of the risk determination sub-module 4032 is as shown in FIG. 8.
  • the risk determination sub-module 4032 may include a first determining unit 40321, a second determining unit 40322, and a third determining unit 40323.
  • the first determining unit 40321 is configured to determine that the terminal does not have a data leakage risk if the matching degree of all the iris feature values in the iris feature information and the preset authorized iris feature database is not less than a preset threshold.
  • the second determining unit 40322 is configured to: if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the image of the eye image that generates the iris feature value If the line of sight deflection value is not within the preset deflection range, it is determined that the terminal does not have a risk of data leakage.
  • the third determining unit 40323 is configured to: if the matching degree between the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the image of the eye image that generates the iris feature value is If the line of sight deflection value is within a preset deflection range, it is determined that the terminal has a risk of data leakage.
  • step S207 For the specific functions of the risk determining sub-module 4032 and the first determining unit 40321, the second determining unit 40322, and the third determining unit 40423, refer to step S207 shown in FIG. 2, and details are not described herein.
  • the terminal acquires a human eye image of the current environment through the imaging device, obtains human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image, and performs human eye analysis information according to a predefined detection rule.
  • the detection determines whether the terminal has a risk of data leakage. If there is a risk of data leakage, the preset risk elimination instruction is executed.
  • the embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

Disclosed are a terminal data protection method and apparatus. The method comprises: a terminal acquires a human eye image in a current environment by using an imaging apparatus; obtain human eye parsing information comprising iris feature information and eyeball sight information according to the human eye image; perform detection on the human eye parsing information according to a pre-defined detection rule, and determine whether the terminal has a data leakage risk; and if the terminal has a data leakage risk, the terminal executes a preset risk elimination instruction. By means of the present invention, the sight of an unauthorized user in a current environment can be identified, thereby preventing terminal data from being peeped, and effectively protecting the security of the terminal data.

Description

一种终端的数据保护方法及装置Terminal data protection method and device 技术领域Technical field
本发明涉及移动终端领域,尤其涉及一种终端的数据保护方法及装置。The present invention relates to the field of mobile terminals, and in particular, to a data protection method and apparatus for a terminal.
背景技术Background technique
以智能手机为代表的移动终端的功能越来越丰富,除了传统的通信功能以外,还具备社交和网上支付等功能。人们在地铁、商场等公共场所使用移动终端时,用户在移动终端上的隐私信息很容易因旁边的人偷窥而泄露,终端上的用户的隐私信息存在较大的安全隐患。The functions of mobile terminals represented by smart phones are becoming more and more abundant. In addition to the traditional communication functions, they also have functions such as social and online payment. When people use mobile terminals in public places such as subways and shopping malls, the privacy information of the users on the mobile terminals is easily leaked by the peek of the person next to them, and the privacy information of the users on the terminals has a large security risk.
目前,为了防止移动终端上的隐私信息在公共场所不被泄露,一种方法是在移动终端上配置特制的屏幕,当进入了公共场所时,开启防偷窥功能,此时若视线与移动终端的屏幕的夹角超过了一定角度,将无法看清屏幕上的内容,一定程度上保证了在公共场合用移动终端时,屏幕内容不会被周围的人看到;另一种方法是移动终端拍摄当前环境的图像,根据当前环境的图像进行人脸识别,如果发现存在陌生人脸,则提醒用户注意个人隐私信息的保护。但以上两种技术都有着较明显的不足之处,第一种方法需要移动终端配置特制的屏幕才能实现,但目前绝大多数移动终端都未曾使用这样的屏幕,而且这种技术对正视方向的偷窥无作用效果;第二种方法只能在拍摄的当前环境的图像里识别出陌生人脸,无法确切地识别出陌生人是否有在看着该移动终端,而公共场合下拍摄的图像通常都能识别出较多的陌生人脸,即便周边的陌生人都没有看着该移动终端,仍会产生保护提醒,这使得第二种方法的误报率较高,影响了用户对移动终端顺畅的操作使用。At present, in order to prevent private information on the mobile terminal from being leaked in a public place, one method is to configure a special screen on the mobile terminal, and when entering a public place, the anti-peeping function is turned on, and at this time, if the line of sight and the mobile terminal are If the angle of the screen exceeds a certain angle, the content on the screen will not be visible. To a certain extent, when the mobile terminal is used in public, the screen content will not be seen by the surrounding people; another method is to shoot the mobile terminal. The image of the current environment is subjected to face recognition according to the image of the current environment. If a strange face is found, the user is reminded to pay attention to the protection of personal privacy information. However, the above two technologies have obvious deficiencies. The first method requires a mobile terminal to configure a special screen, but most mobile terminals have not used such a screen, and this technology is oriented in the front view. The peek has no effect; the second method can only identify strange faces in the image of the current environment of the shooting, and cannot accurately identify whether the stranger is watching the mobile terminal, and the images taken in public are usually Can identify more strange faces, even if the strangers around do not look at the mobile terminal, there will still be a protection reminder, which makes the second method has a higher false positive rate, which affects the user's smoothness to the mobile terminal. Operational use.
发明内容Summary of the invention
本发明实施例提供一种终端的数据保护方法及装置,能有效保护终端数据的安全。 The embodiment of the invention provides a data protection method and device for a terminal, which can effectively protect the security of the terminal data.
本发明一方面提供了一种终端的数据保护方法,包括:An aspect of the present invention provides a data protection method for a terminal, including:
终端通过成像装置获取当前环境的人眼图像;The terminal acquires a human eye image of the current environment through the imaging device;
根据所述人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息;Obtaining human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image;
根据预定义的检测规则对所述人眼解析信息进行检测,确定所述终端是否存在数据泄露风险;Detecting the human eye analysis information according to a predefined detection rule, and determining whether the terminal has a data leakage risk;
若存在所述数据泄露风险,所述终端执行预设的风险消除指令。If there is a risk of the data leakage, the terminal executes a preset risk elimination instruction.
本发明另一方面还提供了一种终端的数据保护装置,包括:Another aspect of the present invention provides a data protection device for a terminal, including:
成像模块,用于通过终端的成像装置获取当前环境的人眼图像;An imaging module, configured to acquire an image of a human eye of a current environment through an imaging device of the terminal;
解析模块,用于根据所述人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息;a parsing module, configured to obtain human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image;
风险检测模块,用于根据预定义的检测规则对所述人眼解析信息进行检测,确定所述终端是否存在数据泄露风险;a risk detection module, configured to detect the human eye analysis information according to a predefined detection rule, and determine whether the terminal has a data leakage risk;
风险消除模块,用于若存在所述数据泄露风险,在所述终端上执行预设的风险消除指令。The risk elimination module is configured to execute a preset risk elimination instruction on the terminal if the data leakage risk exists.
实施本发明实施例,具有如下有益效果:Embodiments of the present invention have the following beneficial effects:
本发明实施例由终端通过成像装置获取当前环境的人眼图像,根据该人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息,根据预定义的检测规则对人眼解析信息进行检测,确定终端是否存在数据泄露风险,若存在数据泄露风险,则执行预设的风险消除指令。本发明实施例可以识别当前环境里非授权用户的视线,从而防止终端数据被偷窥,有效地保护了终端数据的安全。In the embodiment of the present invention, the terminal acquires the human eye image of the current environment through the imaging device, obtains human eye analysis information including the iris feature information and the eyeball line of sight information according to the human eye image, and detects the human eye analysis information according to the predefined detection rule. Determine whether the terminal has a risk of data leakage. If there is a risk of data leakage, execute the preset risk elimination instruction. The embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。 In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.
图1为本发明实施例提供的一种终端的数据保护方法的流程图;FIG. 1 is a flowchart of a data protection method for a terminal according to an embodiment of the present invention;
图2为本发明实施例提供的另一种终端的数据保护方法的流程图;2 is a flowchart of another method for data protection of a terminal according to an embodiment of the present invention;
图3为本发明实施例提供的又一种终端的数据保护方法的流程图;FIG. 3 is a flowchart of still another method for data protection of a terminal according to an embodiment of the present disclosure;
图4为本发明实施例提供的一种终端的数据保护装置的结构示意图;4 is a schematic structural diagram of a data protection device of a terminal according to an embodiment of the present invention;
图5为本发明实施例提供的解析模块的一个实施例的结构示意图;FIG. 5 is a schematic structural diagram of an embodiment of a parsing module according to an embodiment of the present disclosure;
图6为本发明实施例提供的检测模块的一个实施例的结构示意图;FIG. 6 is a schematic structural diagram of an embodiment of a detection module according to an embodiment of the present disclosure;
图7为本发明实施例提供的场景确定子模块的一个实施例的结构示意图;FIG. 7 is a schematic structural diagram of an embodiment of a scenario determining submodule according to an embodiment of the present disclosure;
图8为本发明实施例提供的风险确定子模块的一个实施例的结构示意图。FIG. 8 is a schematic structural diagram of an embodiment of a risk determination sub-module according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
本发明实施例中,终端可以是智能手机、平板电脑、PC(Personal Computer,个人计算机)、电子阅读器、MP4播放器等设备中的任一种,优选地,终端具备获取人眼图像的功能。In the embodiment of the present invention, the terminal may be any one of a smart phone, a tablet computer, a PC (Personal Computer), an e-reader, an MP4 player, and the like. Preferably, the terminal has a function of acquiring an image of a human eye. .
下面将结合附图1-附图3,对本发明实施例提供的终端的数据保护方法进行详细说明。The data protection method of the terminal according to the embodiment of the present invention will be described in detail below with reference to the accompanying drawings.
请参见图1,为本发明实施例提供的一种终端的数据保护方法的流程图,该方法可包括步骤S101-S104。FIG. 1 is a flowchart of a data protection method for a terminal according to an embodiment of the present invention. The method may include steps S101-S104.
S101,终端通过成像装置获取当前环境的人眼图像。S101. The terminal acquires a human eye image of a current environment by using an imaging device.
作为一种可选的实施方式,当终端被唤醒后,终端通过成像装置获取当前环境的人眼图像。该成像装置可以是终端内置的摄像头或者人眼检测仪,也可以是终端操纵的非内置的可获取人眼图像的设备,例如与终端通过Wi-Fi相连接的智能摄像头等设备。 As an optional implementation manner, after the terminal is woken up, the terminal acquires a human eye image of the current environment through the imaging device. The imaging device may be a camera built in the terminal or a human eye detector, or may be a non-built-in device that can be acquired by the terminal, such as a smart camera connected to the terminal via Wi-Fi.
作为一种可选的实施方式,终端可以首先通过成像装置获取当前环境的图像,再对该图像进行预处理,所述的预处理可包括亮度调节、去噪等处理,通过预处理提高图像的品质。然后对预处理后的图像进行人脸识别,从中识别出一个或多个的人脸区域,再从一个或多个的人脸区域进行识别分割,得到一个或多个的人眼图像。As an optional implementation manner, the terminal may first acquire an image of the current environment by using an imaging device, and then perform pre-processing on the image, where the pre-processing may include brightness adjustment, denoising, etc., and the image is improved by preprocessing. quality. The pre-processed image is then subjected to face recognition, from which one or more face regions are identified, and then one or more face regions are identified and segmented to obtain one or more human eye images.
S102,根据所述人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息。S102. Obtain human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image.
作为一种可选的实施方式,对步骤S101中获得的人眼图像做进一步的分析,从中提取出人眼解析信息,所述人眼解析信息包含虹膜特征信息和眼球视线信息,其中虹膜特征信息可用来识别该人眼图像所对应的人的身份,眼球视线信息可用来确定对应的人的视线方向是否落在当前终端屏幕上。具体的对人眼解析信息的提取可包含如下几步:首先,将所述人眼图像分割为一幅或多幅的眼部图像,每一幅所述眼部图像为包含一只人眼的图像;其次,对每一幅所述眼部图像执行虹膜识别算法,得到该幅所述眼部图像的虹膜特征值;再次,对每一幅所述眼部图像执行视线方向检测算法,得到该幅所述眼部图像的视线偏转值;最后,根据所有所述眼部图像的虹膜特征值和视线偏转值获得包含虹膜特征信息和眼球视线信息的人眼解析信息。As an optional implementation manner, the human eye image obtained in step S101 is further analyzed, and human eye analysis information is extracted, wherein the human eye analysis information includes iris feature information and eyeball line of sight information, wherein the iris feature information It can be used to identify the identity of the person corresponding to the human eye image, and the eyeball line of sight information can be used to determine whether the line of sight of the corresponding person falls on the current terminal screen. The specific extraction of the human eye analysis information may include the following steps: First, the human eye image is segmented into one or more eye images, and each of the eye images is a human eye. Image; secondly, performing an iris recognition algorithm on each of the eye images to obtain an iris feature value of the image of the eye; and again, performing a line-of-sight direction detection algorithm on each of the eye images to obtain the image The line-of-sight deflection value of the image of the eye; finally, the human eye analysis information including the iris feature information and the eyeball line of sight information is obtained according to the iris feature value and the line-of-sight deflection value of all the eye images.
S103,根据预定义的检测规则对所述人眼解析信息进行检测,确定所述终端是否存在数据泄露风险。S103. Detect the human eye analysis information according to a predefined detection rule, and determine whether the terminal has a data leakage risk.
作为一种可选的实施方式,在获得人眼解析信息后,先根据预设的场景识别规则确定所述终端是否处于预设的数据保护场景。这里预设的场景识别规则可以包括多种实现方式,比如当终端上的一个按键被按下时,或者是点击了终端中的某一个特定的应用使该终端接收到一个运行指令,该指令指示终端强制进入预设的数据保护场景。进一步可选的,终端可以获取当前所处的地理位置信息,如果当前所处的地理位置信息显示是在地铁、商场、道路等公共场所,终端自动进入预设的数据保护场景。进一步可选的,终端可以根据当前时间来判断是否处于外出时间段,比如用户设置了周一是外出时间段,则当终端的日历时间为周一时,终端自动进入预设的数据保护场景。As an optional implementation manner, after obtaining the human eye analysis information, determining whether the terminal is in a preset data protection scenario according to a preset scene recognition rule. The preset scene recognition rule herein may include multiple implementation manners, such as when a button on the terminal is pressed, or a specific application in the terminal is clicked to cause the terminal to receive a running instruction, the instruction indication The terminal is forced to enter the preset data protection scenario. Further, the terminal can obtain the current geographical location information. If the current geographic location information is displayed in a public place such as a subway, a shopping mall, or a road, the terminal automatically enters a preset data protection scenario. Further, the terminal may determine whether it is in an outgoing time period according to the current time. For example, if the user sets Monday to be an outgoing time period, when the calendar time of the terminal is Monday, the terminal automatically enters a preset data protection scenario.
进一步可选的,终端可先对虹膜特征信息进行分析,确定所述终端是否 处于预设的数据保护场景。如果虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且所述终端接收到了预设的启用指令,则确定所述终端处于预设的数据保护场景。预设的授权虹膜特征库中是预存储的授权用户的虹膜特征值,当虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,意味着当前检测的虹膜特征信息存在非授权用户的虹膜特征值,用户的当前环境存在可检测到的陌生人,此时终端可弹出提示信息如“检测到您附近有陌生人,您在本机上的信息可能会遭到泄露,建议您进入数据保护场景模式。”如果用户点击了确认按键,则终端收到预设的启用指令,终端进入预设的数据保护场景;如果用户确认当前没有必要进入数据保护场景,比如用户只是在和朋友共享观看自己终端上的视频的话,用户可以选择不进入预设的数据保护场景。Further optionally, the terminal may first analyze the iris feature information to determine whether the terminal is In a preset data protection scenario. If the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the terminal receives the preset enable command, it is determined that the terminal is in a preset data protection scenario. The preset authorized iris feature library is a pre-stored iris feature value of the authorized user. When the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature library is less than a preset threshold, it means that the currently detected iris The feature information has the iris feature value of the unauthorized user. The user's current environment has detectable strangers. At this time, the terminal can pop up a prompt message such as "Detecting strangers near you, your information on the machine may be affected. To the leak, it is recommended that you enter the data protection scene mode. If the user clicks the confirmation button, the terminal receives the preset activation command, and the terminal enters the preset data protection scenario; if the user confirms that it is not necessary to enter the data protection scenario, for example The user can choose not to enter the preset data protection scene when sharing the video on the terminal with the friend.
作为一种可选的实施方式,若所述终端处于预设的数据保护场景,则根据所述人眼解析信息确定所述终端是否存在数据泄露风险。若所述虹膜特征信息中的所有虹膜特征值与预设的授权虹膜特征库的匹配度不小于预设阈值,可认为当前环境可检测范围内不存在非授权用户,没有可疑的偷窥人,则确定所述终端不存在数据泄露风险;若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值不在预设的偏转范围内,可认为当前环境虽然存在非授权用户,但是非授权用户的视线并未落在所要保护的终端上,也就是终端并没有被非授权用户偷窥,则确定所述终端不存在数据泄露风险;若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值在预设的偏转范围内,认为当前环境不仅存在非授权用户,而且至少一个非授权用户的视线落在所要保护的终端上,该终端正处于被偷窥的状态下,则确定所述终端存在数据泄露风险。As an optional implementation manner, if the terminal is in a preset data protection scenario, determining whether the terminal has a data leakage risk according to the human eye analysis information. If the matching degree of all the iris feature values in the iris feature information and the preset authorized iris feature database is not less than a preset threshold, it may be considered that there is no unauthorized user in the current environment detectable range, and there is no suspicious voyeur. Determining that the terminal has no data leakage risk; if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and generating the iris image value of the eye image The line of sight deflection value is not within the preset deflection range. It can be considered that although there is an unauthorized user in the current environment, the line of sight of the unauthorized user does not fall on the terminal to be protected, that is, the terminal is not sneaked by an unauthorized user. Determining that the terminal does not have a risk of data leakage; if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and generating the eye image of the iris feature value The line of sight deflection value is within a preset deflection range, and the current environment is considered to have not only an unauthorized user but also at least one unauthorized Eyes on household terminal to be protected, the terminal is in a state of being peeping, it is determined that there is the risk of leakage data terminal.
S104,若存在所述数据泄露风险,所述终端执行预设的风险消除指令。S104. If the data leakage risk exists, the terminal executes a preset risk elimination instruction.
作为一种可选的实施方式,终端执行的预设的风险消除指令可以包括该终端上一组预设的图文信息的推送指令、熄灭终端屏幕或者降低终端屏幕亮度的屏幕控制指令、在终端上播放预设的语音文件的播放指令和使终端机身 产生规律振动的马达控制指令,通过执行预设的风险消除指令,尽可能的消除存在的数据泄露风险,达到保护终端的数据安全的目的。As an optional implementation manner, the preset risk elimination instruction executed by the terminal may include a push instruction of a preset set of graphic and text information on the terminal, a screen to extinguish the terminal screen, or a screen control instruction for reducing the brightness of the terminal screen, at the terminal. Playing a preset voice file playback command and making the terminal body The motor control command that generates the regular vibration, by executing the preset risk elimination instruction, eliminates the risk of data leakage as much as possible, and achieves the purpose of protecting the data security of the terminal.
本发明实施例中,终端通过成像装置获取当前环境的人眼图像,根据该人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息,根据预定义的检测规则对人眼解析信息进行检测,确定终端是否存在数据泄露风险,若存在数据泄露风险,则执行预设的风险消除指令。本发明实施例可以识别当前环境里非授权用户的视线,从而防止终端数据被偷窥,有效地保护了终端数据的安全。In the embodiment of the present invention, the terminal acquires a human eye image of the current environment through the imaging device, obtains human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image, and performs human eye analysis information according to a predefined detection rule. The detection determines whether the terminal has a risk of data leakage. If there is a risk of data leakage, the preset risk elimination instruction is executed. The embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
请参见图2,为本发明实施例提供的另一种终端的数据保护方法的流程图,该方法可包括步骤S201-S208。FIG. 2 is a flowchart of another method for data protection of a terminal according to an embodiment of the present invention. The method may include steps S201-S208.
S201,终端通过成像装置获取当前环境的人眼图像。S201. The terminal acquires a human eye image of the current environment through the imaging device.
作为一种可选的实施方式,当终端经解锁被唤醒后,或者进入终端的解锁界面时,终端通过成像装置获取当前环境的人眼图像。该成像装置可以是终端内置的摄像头或者人眼检测仪,也可以是终端操纵的非内置的可获取人眼图像的设备,例如与终端通过Wi-Fi相连接的智能摄像头等设备。一个供参考的例子是智能手机通过内置的人眼检测仪对当前环境进行扫描,获得当前环境的人眼图像。As an optional implementation manner, when the terminal is woken up by unlocking, or enters the unlocking interface of the terminal, the terminal acquires a human eye image of the current environment through the imaging device. The imaging device may be a camera built in the terminal or a human eye detector, or may be a non-built-in device that can be acquired by the terminal, such as a smart camera connected to the terminal via Wi-Fi. An example for reference is that the smartphone scans the current environment through the built-in human eye detector to obtain a human eye image of the current environment.
作为一种可选的实施方式,终端可以首先通过成像装置获取当前环境的图像,再对该图像进行预处理,所述的预处理可包括亮度调节、去噪等处理,通过预处理提高图像的品质。然后对预处理后的图像进行人脸识别,从中识别出一个或多个的人脸区域,再从一个或多个的人脸区域进行识别分割,得到一个或多个的人眼图像。例如智能手机通过内置的摄像头对当前环境进行拍照,得到图像A,图像A经过预处理后转化为图像B,对图像B进行人脸识别,一共得到3块人脸区域,分别为F1、F2和F3,对这3块脸区域分别进行识别分割,得到3幅人眼图像,分别为E1、E2和E3。As an optional implementation manner, the terminal may first acquire an image of the current environment by using an imaging device, and then perform pre-processing on the image, where the pre-processing may include brightness adjustment, denoising, etc., and the image is improved by preprocessing. quality. The pre-processed image is then subjected to face recognition, from which one or more face regions are identified, and then one or more face regions are identified and segmented to obtain one or more human eye images. For example, the smart phone takes a picture of the current environment through the built-in camera, and obtains image A. Image A is preprocessed and converted into image B, and face B is image-recognized, and a total of three face regions are obtained, namely F1, F2 and F3, the three face regions are separately identified and segmented, and three human eye images are obtained, namely E1, E2 and E3.
S202,将所述人眼图像分割为一幅或多幅的眼部图像,每一幅所述眼部图像为包含一只人眼的图像。S202. The human eye image is segmented into one or more eye images, and each of the eye images is an image including one human eye.
作为一种可选的实施方式,因为拍摄角度的原因,有可能拍摄到的人脸 是侧面的,每幅人眼图像可能包含一只人眼或者两只人眼,此处从每一幅的人眼图像中分割出只包含一只人眼的眼部图像。例如对步骤S201中的3幅人眼图像进行上述分割,从E1、E2和E3中分割出SE1、SE2及SE3、SE4及SE5,所述的SE1~SE5均是只包含一只人眼的眼部图像。As an optional implementation, it is possible to photograph the face because of the shooting angle. It is lateral, and each human eye image may contain one human eye or two human eyes. Here, an image of the eye containing only one human eye is segmented from each human eye image. For example, the above-mentioned three human eye images in step S201 are segmented, and SE1, SE2, and SE3, SE4, and SE5 are separated from E1, E2, and E3, and the SE1 to SE5 are all eyes including only one human eye. Part image.
S203,对每一幅所述眼部图像执行虹膜识别算法,得到该幅所述眼部图像的虹膜特征值。S203. Perform an iris recognition algorithm on each of the eye images to obtain an iris feature value of the image of the eye.
作为一种可选的实施方式,对获得的眼部图像进行逐一解析,从中提取出虹膜特征值。眼部图像中包括了一只完整的人眼的图像细节,对每一幅眼部图像执行虹膜识别算法,该虹膜识别算法可以在终端的通用中央处理器上执行,也可以是由终端上的专门的虹膜识别芯片执行。所有的眼部图像经虹膜识别算法处理后,得到一个或多个的虹膜特征值,每一个虹膜特征值是对一个虹膜内相互交错的斑点、细丝、冠状、条纹、隐窝等的细节特征的数学描述。以步骤S202中获得的眼部图像为例,SE1~SE5经虹膜识别算法处理后,得到对应的虹膜特征值ht1~ht5。As an optional implementation manner, the obtained eye images are analyzed one by one, and the iris feature values are extracted therefrom. The eye image includes an image detail of a complete human eye, and an iris recognition algorithm is performed on each eye image, and the iris recognition algorithm may be executed on a general-purpose central processing unit of the terminal, or may be performed on the terminal. A dedicated iris recognition chip is implemented. All eye images are processed by the iris recognition algorithm to obtain one or more iris feature values, and each iris feature value is a detailed feature of spots, filaments, crowns, stripes, crypts, etc. interlaced in an iris. Mathematical description. Taking the eye image obtained in step S202 as an example, SE1 to SE5 are processed by the iris recognition algorithm to obtain corresponding iris feature values ht1 to ht5.
S204,对每一幅所述眼部图像执行视线方向检测算法,得到该幅所述眼部图像的视线偏转值。S204. Perform a line-of-sight direction detection algorithm on each of the eye images to obtain a line-of-sight deflection value of the image of the eye.
作为一种可选的实施方式,眼部图像除了虹膜以外,还包括眼球、角膜和瞳孔等部位的细节信息。应用现有的视线方向检测算法,可检测出一幅完整的眼部图像的视线方向,结合三维成像计算模型,计算出每一幅眼部图像中的眼球与终端屏幕的视线偏转值,该值是一个角度值,所用的参考坐标系是以终端屏幕上的可视区域的中心为原点的空间三维坐标系。以步骤S202中获得的眼部图像为例,SE1~SE5经视线方向检测算法处理后,得到对应的视线偏转值sp1~sp5。As an alternative embodiment, the eye image includes details of the eyeball, the cornea, the pupil, and the like in addition to the iris. Applying the existing line-of-sight direction detection algorithm, the line of sight direction of a complete eye image can be detected, and the line-of-sight deflection value of the eyeball and the terminal screen in each eye image is calculated by combining the three-dimensional imaging calculation model. It is an angle value, and the reference coordinate system used is a spatial three-dimensional coordinate system whose origin is the center of the visible area on the terminal screen. Taking the eye image obtained in step S202 as an example, SE1 to SE5 are processed by the line-of-sight direction detection algorithm to obtain corresponding line-of-sight deflection values sp1 to sp5.
S205,根据所有所述眼部图像的虹膜特征值和视线偏转值获得包含虹膜特征信息和眼球视线信息的人眼解析信息。S205. Obtain human eye analysis information including iris feature information and eyeball line of sight information according to the iris feature value and the line of sight deflection value of all the eye images.
作为一种可选的实施方式,将步骤S203和步骤S204中得到的所有的虹膜特征值和视线偏转值组合起来,作为人眼解析信息。该人眼解析信息JX=(JX1,JX2,JX3,JX4,JX5),JX1~JX5为人眼解析信息对应于眼部图像SE1~SE5的部分,其中JX1=(ht1,sp1),其余可以此类推。 As an alternative embodiment, all of the iris feature values and the line-of-sight deflection values obtained in steps S203 and S204 are combined as human eye analysis information. The human eye analysis information JX=(JX1, JX2, JX3, JX4, JX5), and the JX1 to JX5 are portions of the human eye analysis information corresponding to the eye images SE1 to SE5, wherein JX1=(ht1, sp1), and the rest can be deduced by analogy. .
S206,若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且所述终端接收到了预设的启用指令,则确定所述终端处于预设的数据保护场景。S206, if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the terminal receives the preset enable command, determining that the terminal is preset. Data protection scenario.
作为一种可选的实施方式,预设的授权虹膜特征库是由一个或多个授权用户的虹膜特征值组成的,把虹膜特征信息中的虹膜特征值与该授权虹膜特征库做匹配运算,如果虹膜特征信息中存在一个或多个虹膜特征值与该授权虹膜特征库不满足匹配条件,即匹配运算的匹配度小于预设阈值,则认为当前环境存在非授权用户,终端可以弹出相应的提示信息,询问用户是否需要进入预设的数据保护场景来进一步地保护终端上的数据。例如此时终端可弹出提示信息如“检测到您附近有陌生人,您在本机上的信息可能会遭到泄露,建议您进入数据保护场景模式。”如果用户点击了确认按键,则终端收到预设的启用指令,确定进入预设的数据保护场景。As an optional implementation manner, the preset authorized iris feature library is composed of iris feature values of one or more authorized users, and the iris feature value in the iris feature information is matched with the authorized iris feature library. If there is one or more iris feature values in the iris feature information and the authorized iris feature library does not satisfy the matching condition, that is, the matching degree of the matching operation is less than the preset threshold, it is considered that the current environment has an unauthorized user, and the terminal may pop up a corresponding prompt. Information, asking the user if they need to enter a preset data protection scenario to further protect the data on the terminal. For example, the terminal can pop up a prompt message such as "Detecting strangers near you, your information on this machine may be leaked. It is recommended that you enter the data protection scene mode." If the user clicks the confirmation button, the terminal receives Go to the preset enable command and make sure to enter the preset data protection scene.
S207,若所述终端处于预设的数据保护场景,则根据所述人眼解析信息确定所述终端是否存在数据泄露风险。S207. If the terminal is in a preset data protection scenario, determine, according to the human eye analysis information, whether the terminal has a data leakage risk.
作为一种可选的实施方式,当终端处于预设的数据保护场景下,虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库逐一进行匹配运算,若所述虹膜特征信息中的所有虹膜特征值与预设的授权虹膜特征库的匹配度不小于预设阈值,可认为当前环境可检测范围内不存在非授权用户,没有可疑的偷窥人,则确定所述终端不存在数据泄露风险;若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值不在预设的偏转范围内,可认为当前环境虽然存在非授权用户,但是非授权用户的视线并未落在所要保护的终端上,也就是终端并没有被非授权用户偷窥,则确定所述终端不存在数据泄露风险;若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值在预设的偏转范围内,认为当前环境不仅存在非授权用户,而且至少一个非授权用户的视线落在所要保护的终端上,该终端正处于被偷窥的状态下,则确定所述终端存在数据泄露风险。例如在步骤S205中获得的人眼解析信息中,与预设的授权虹膜特征库的匹配运算结果显示,JX4与JX5对应的是智能手机上 授权用户的两只眼睛的眼部图像的解析结果,而JX1、JX2和JX3是非授权用户的眼部图像的解析结果,且JX1和JX3的视线偏转值sp1和sp3均不在预设的偏转范围内,JX2的视线偏转值sp2在预设的偏转范围内,则可确认眼部图像SE2中的这只眼睛在看着终端屏幕,该终端存在数据泄露风险。As an optional implementation manner, when the terminal is in a preset data protection scenario, the iris feature value in the iris feature information is matched with the preset authorized iris feature library one by one, if all the iris feature information The matching degree between the iris feature value and the preset authorized iris feature database is not less than a preset threshold. It can be considered that there is no unauthorized user in the current environment detectable range, and there is no suspicious voyeur, and the terminal is determined to have no data leakage risk. If the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature library is less than a preset threshold, and the line-of-sight deflection value of the eye image generating the iris feature value is not preset Within the deflection range, it can be considered that although there is an unauthorized user in the current environment, the line of sight of the unauthorized user does not fall on the terminal to be protected, that is, the terminal is not sneaked by the unauthorized user, and it is determined that the terminal does not have data leakage. Risk; if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold And the line of sight deflection value of the eye image generating the iris feature value is within a preset deflection range, and it is considered that the current environment not only has an unauthorized user, but also the sight of at least one unauthorized user falls on the terminal to be protected. In the above, the terminal is in a state of being peeked, and it is determined that the terminal has a risk of data leakage. For example, in the human eye analysis information obtained in step S205, the matching operation result with the preset authorized iris feature database shows that JX4 and JX5 correspond to the smart phone. The result of the analysis of the eye image of the two eyes of the authorized user, and JX1, JX2 and JX3 are the result of the analysis of the eye image of the unauthorized user, and the line-of-sight deflection values sp1 and sp3 of JX1 and JX3 are not within the preset deflection range. When the line of sight deflection value sp2 of JX2 is within the preset deflection range, it can be confirmed that the eye in the eye image SE2 is looking at the terminal screen, and the terminal has a risk of data leakage.
S208,若存在所述数据泄露风险,所述终端执行预设的风险消除指令。S208. If the data leakage risk exists, the terminal executes a preset risk elimination instruction.
作为一种可选的实施方式,终端执行的预设的风险消除指令可以包括该终端上一组预设的图文信息的推送指令、熄灭终端屏幕或者降低终端屏幕亮度的屏幕控制指令、在终端上播放预设的语音文件的播放指令和使终端机身产生规律振动的马达控制指令,通过执行预设的风险消除指令,尽可能的消除存在的数据泄露风险,达到保护终端的数据安全的目的。例如在识别出眼部图像SE2中的这只眼睛在看着终端屏幕,终端首先执行推送指令,在屏幕上推送信息以提醒用户,再执行屏幕控制指令,将终端屏幕熄灭。As an optional implementation manner, the preset risk elimination instruction executed by the terminal may include a push instruction of a preset set of graphic and text information on the terminal, a screen to extinguish the terminal screen, or a screen control instruction for reducing the brightness of the terminal screen, at the terminal. The play command for playing the preset voice file and the motor control command for causing the terminal body to generate regular vibrations can eliminate the risk of data leakage as much as possible by performing the preset risk elimination instruction, thereby achieving the purpose of protecting the data security of the terminal. . For example, when the eye in the eye image SE2 is recognized to be looking at the terminal screen, the terminal first executes a push command, pushes information on the screen to remind the user, and then executes a screen control command to extinguish the terminal screen.
本发明实施例中,终端通过成像装置获取当前环境的人眼图像,根据该人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息,若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且终端接收到了预设的启用指令,则确定终端处于预设的数据保护场景,当终端处于预设的数据保护场景时,则根据所述人眼解析信息确定所述终端是否存在数据泄露风险,若存在数据泄露风险,则执行预设的风险消除指令。本发明实施例可以识别当前环境里非授权用户的视线,从而防止终端数据被偷窥,有效地保护了终端数据的安全。In the embodiment of the present invention, the terminal acquires a human eye image of the current environment through the imaging device, and obtains human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image, if the iris feature value in the iris feature information is The matching degree of the preset authorized iris feature library is less than the preset threshold, and the terminal receives the preset enable command, and determines that the terminal is in the preset data protection scenario. When the terminal is in the preset data protection scenario, The human eye analysis information determines whether the terminal has a data leakage risk, and if there is a data leakage risk, the preset risk elimination instruction is executed. The embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
请参见图3,为本发明实施例提供的又一种终端的数据保护方法的流程图,该方法可包括步骤S301-S308。FIG. 3 is a flowchart of still another method for data protection of a terminal according to an embodiment of the present invention. The method may include steps S301-S308.
S301,终端通过成像装置获取当前环境的人眼图像。S301. The terminal acquires a human eye image of a current environment by using an imaging device.
S302,将所述人眼图像分割为一幅或多幅的眼部图像,每一幅所述眼部图像为包含一只人眼的图像。S302. The human eye image is segmented into one or more eye images, and each of the eye images is an image including one human eye.
S303,对每一幅所述眼部图像执行虹膜识别算法,得到该幅所述眼部图像的虹膜特征值。S303. Perform an iris recognition algorithm on each of the eye images to obtain an iris feature value of the image of the eye.
S304,对每一幅所述眼部图像执行视线方向检测算法,得到该幅所述眼 部图像的视线偏转值。S304. Perform a line-of-sight direction detection algorithm on each of the eye images to obtain the image of the eye. The line of sight deflection value of the image.
S305,根据所有所述眼部图像的虹膜特征值和视线偏转值获得包含虹膜特征信息和眼球视线信息的人眼解析信息。S305. Obtain human eye analysis information including iris feature information and eyeball line of sight information according to the iris feature value and the line of sight deflection value of all the eye images.
S306,若所述终端接收到了预设的强制启用指令,则确定所述终端处于预设的数据保护场景。S306. If the terminal receives the preset mandatory enable command, determine that the terminal is in a preset data protection scenario.
S307,若所述终端处于预设的数据保护场景,则根据所述人眼解析信息确定所述终端是否存在数据泄露风险。S307. If the terminal is in a preset data protection scenario, determine, according to the human eye analysis information, whether the terminal has a data leakage risk.
S308,若存在所述数据泄露风险,所述终端执行预设的风险消除指令。S308. If the data leakage risk exists, the terminal executes a preset risk elimination instruction.
本发明实施例中的步骤S301~S305、S307~S308的具体功能可分别参见图2所示的方法的步骤S201~S205、S207~S208,在此不赘述,下面对本发明实施例与图2中的步骤S206不同的步骤S306做详细说明。For the specific functions of the steps S301-S305 and S307-S308 in the embodiment of the present invention, refer to steps S201-S205 and S207-S208 of the method shown in FIG. 2, and details are not described herein. Step S206 is described in detail in step S206.
作为一种可选的实施方式,在步骤S306中,当终端接收到了预设的强制启用指令时,比如当终端上的一个预设按键被按下,或者是点击了终端中的某一个特定的应用使该终端接收到一个运行指令,该指令指示终端强制进入预设的数据保护场景。进一步可选的,终端可以获取当前所处的地理位置信息,如果显示当前所处的地理位置是地铁、商场、道路等公共场所,则终端自动进入预设的数据保护场景。进一步可选的,终端可以根据当前时间来判断是否处于外出时间段,比如用户设置了周一是外出时间段,则当终端的日历时间为周一时,终端自动进入预设的数据保护场景。As an optional implementation manner, in step S306, when the terminal receives the preset forced enable command, for example, when a preset button on the terminal is pressed, or clicks on a specific one of the terminals The application causes the terminal to receive a running command, which instructs the terminal to forcibly enter a preset data protection scenario. Further, the terminal can obtain the current geographical location information. If the current geographic location is a public place such as a subway, a shopping mall, or a road, the terminal automatically enters a preset data protection scenario. Further, the terminal may determine whether it is in an outgoing time period according to the current time. For example, if the user sets Monday to be an outgoing time period, when the calendar time of the terminal is Monday, the terminal automatically enters a preset data protection scenario.
本发明实施例中,终端通过成像装置获取当前环境的人眼图像,根据该人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息,若终端接收到了预设的强制启用指令,则确定终端处于预设的数据保护场景,当终端处于预设的数据保护场景时,则根据所述人眼解析信息确定所述终端是否存在数据泄露风险,若存在数据泄露风险,则执行预设的风险消除指令。本发明实施例可以识别当前环境里非授权用户的视线,从而防止终端数据被偷窥,有效地保护了终端数据的安全。In the embodiment of the present invention, the terminal acquires the human eye image of the current environment through the imaging device, and obtains the human eye analysis information including the iris feature information and the eyeball line of sight information according to the human eye image, and if the terminal receives the preset forced activation command, Determining whether the terminal is in a preset data protection scenario. When the terminal is in a preset data protection scenario, determining whether the terminal has a data leakage risk according to the human eye analysis information, and if there is a data leakage risk, executing the preset Risk elimination instructions. The embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
请参加图4,为本发明实施例提供的一种终端的数据保护装置的结构示意图,该装置包括:成像模块401、解析模块402、风险检测模块403、风险 消除模块404。FIG. 4 is a schematic structural diagram of a data protection apparatus for a terminal according to an embodiment of the present invention. The apparatus includes: an imaging module 401, a parsing module 402, a risk detecting module 403, and a risk. The module 404 is eliminated.
成像模块401,用于通过终端的成像装置获取当前环境的人眼图像。The imaging module 401 is configured to acquire an image of a human eye of a current environment by using an imaging device of the terminal.
解析模块402,用于根据所述人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息。The parsing module 402 is configured to obtain human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image.
风险检测模块403,用于根据预定义的检测规则对所述人眼解析信息进行检测,确定所述终端是否存在数据泄露风险。The risk detection module 403 is configured to detect the human eye analysis information according to a predefined detection rule, and determine whether the terminal has a data leakage risk.
风险消除模块404,用于若存在所述数据泄露风险,在所述终端上执行预设的风险消除指令。The risk elimination module 404 is configured to execute a preset risk elimination instruction on the terminal if the data leakage risk exists.
成像模块401~风险消除模块404的具体功能可分别参见图1所示的步骤S101~S104,在此不赘述。The specific functions of the imaging module 401 to the risk elimination module 404 can be respectively referred to steps S101 to S104 shown in FIG. 1 , and details are not described herein.
作为一种可选的实施方式,解析模块402的结构示意图如图5所示,解析模块402可包括分割单元4021、虹膜识别单元4022、视线识别单元4023、信息组合单元4024。As an optional implementation manner, a schematic structural diagram of the parsing module 402 is shown in FIG. 5. The parsing module 402 may include a splitting unit 4021, an iris recognizing unit 4022, a line of sight recognizing unit 4023, and an information combining unit 4024.
分割单元4021,用于将所述人眼图像分割为一幅或多幅的眼部图像,每一幅所述眼部图像为包含一只人眼的图像。The dividing unit 4021 is configured to divide the human eye image into one or more eye images, and each of the eye images is an image including one human eye.
虹膜识别单元4022,用于对每一幅所述眼部图像执行虹膜识别算法,得到该幅所述眼部图像的虹膜特征值。The iris recognition unit 4022 is configured to perform an iris recognition algorithm on each of the eye images to obtain an iris feature value of the image of the eye.
视线识别单元4023,用于对每一幅所述眼部图像执行视线方向检测算法,得到该幅所述眼部图像的视线偏转值。The line-of-sight identifying unit 4023 is configured to perform a line-of-sight direction detecting algorithm on each of the eye images to obtain a line-of-sight deflection value of the image of the eye.
信息组合单元4024,用于根据所有所述眼部图像的虹膜特征值和视线偏转值获得包含虹膜特征信息和眼球视线信息的人眼解析信息,其中所述虹膜特征信息包含所有所述眼部图像的虹膜特征值,所述眼球视线信息包含所有所述眼部图像的视线偏转值。The information combining unit 4024 is configured to obtain human eye analysis information including iris feature information and eyeball line of sight information according to the iris feature value and the line of sight deflection value of all the eye images, wherein the iris feature information includes all the eye images An iris feature value, the eyeball line of sight information comprising a line of sight deflection value for all of the eye images.
分割单元4021~信息组合单元4024的具体功能可分别参见图2所示的步骤S202~S205,在此不赘述。For the specific functions of the splitting unit 4021 to the information combining unit 4024, refer to steps S202 to S205 shown in FIG. 2, and details are not described herein.
作为一种可选的实施方式,风险检测模块403的结构示意图如图6所示,风险检测模块403可包括场景确定子模块4031、风险确定子模块4032。As an optional implementation manner, a schematic structural diagram of the risk detection module 403 is shown in FIG. 6. The risk detection module 403 may include a scenario determination submodule 4031 and a risk determination submodule 4032.
场景确定子模块4031,用于根据预设的场景识别规则对所述虹膜特征信息进行分析,确定所述终端是否处于预设的数据保护场景。 The scene determining sub-module 4031 is configured to analyze the iris feature information according to a preset scene recognition rule to determine whether the terminal is in a preset data protection scenario.
作为一种可选的实施方式,场景确定子模块4031的结构示意图如图7所示,场景确定子模块4031可包括第一场景确定单元40311、第二场景确定单元40312。As an optional implementation manner, a schematic diagram of the structure of the scene determining sub-module 4031 is as shown in FIG. 7. The scene determining sub-module 4031 may include a first scene determining unit 40311 and a second scene determining unit 40312.
第一场景确定单元40311,用于若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且所述终端接收到了预设的启用指令,则确定所述终端处于预设的数据保护场景。The first scene determining unit 40311 is configured to determine, if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the terminal receives the preset enable command The terminal is in a preset data protection scenario.
第二场景确定单元40312,用于若所述终端接收到了预设的强制启用指令,则确定所述终端处于预设的数据保护场景。The second scenario determining unit 40312 is configured to determine that the terminal is in a preset data protection scenario if the terminal receives the preset mandatory enable command.
第一场景确定单元40311和第二场景确定单元40312的具体功能可分别参见图2所示的步骤S206和图3所示的步骤S306,在此不赘述。The specific functions of the first scene determining unit 40311 and the second scene determining unit 40312 can be respectively referred to step S206 shown in FIG. 2 and step S306 shown in FIG. 3, and details are not described herein.
风险确定子模块4032,用于若所述终端处于预设的数据保护场景,则根据所述人眼解析信息确定所述终端是否存在数据泄露风险。The risk determination sub-module 4032 is configured to determine, according to the human eye analysis information, whether the terminal has a data leakage risk if the terminal is in a preset data protection scenario.
作为一种可选的实施方式,风险确定子模块4032的结构示意图如图8所示,风险确定子模块4032可包括第一确定单元40321、第二确定单元40322、第三确定单元40323。As an optional implementation manner, the structure of the risk determination sub-module 4032 is as shown in FIG. 8. The risk determination sub-module 4032 may include a first determining unit 40321, a second determining unit 40322, and a third determining unit 40323.
第一确定单元40321,用于若所述虹膜特征信息中的所有虹膜特征值与预设的授权虹膜特征库的匹配度不小于预设阈值,则确定所述终端不存在数据泄露风险。The first determining unit 40321 is configured to determine that the terminal does not have a data leakage risk if the matching degree of all the iris feature values in the iris feature information and the preset authorized iris feature database is not less than a preset threshold.
第二确定单元40322,用于若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值不在预设的偏转范围内,则确定所述终端不存在数据泄露风险。The second determining unit 40322 is configured to: if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the image of the eye image that generates the iris feature value If the line of sight deflection value is not within the preset deflection range, it is determined that the terminal does not have a risk of data leakage.
第三确定单元40323,用于若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值在预设的偏转范围内,则确定所述终端存在数据泄露风险。The third determining unit 40323 is configured to: if the matching degree between the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the image of the eye image that generates the iris feature value is If the line of sight deflection value is within a preset deflection range, it is determined that the terminal has a risk of data leakage.
风险确定子模块4032及其包括的第一确定单元40321、第二确定单元40322、第三确定单元40323的具体功能可参见图2所示的步骤S207,在此不赘述。 For the specific functions of the risk determining sub-module 4032 and the first determining unit 40321, the second determining unit 40322, and the third determining unit 40423, refer to step S207 shown in FIG. 2, and details are not described herein.
本发明实施例中,终端通过成像装置获取当前环境的人眼图像,根据该人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息,根据预定义的检测规则对人眼解析信息进行检测,确定终端是否存在数据泄露风险,若存在数据泄露风险,则执行预设的风险消除指令。本发明实施例可以识别当前环境里非授权用户的视线,从而防止终端数据被偷窥,有效地保护了终端数据的安全。In the embodiment of the present invention, the terminal acquires a human eye image of the current environment through the imaging device, obtains human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image, and performs human eye analysis information according to a predefined detection rule. The detection determines whether the terminal has a risk of data leakage. If there is a risk of data leakage, the preset risk elimination instruction is executed. The embodiment of the invention can identify the line of sight of the unauthorized user in the current environment, thereby preventing the terminal data from being sneaked, and effectively protecting the security of the terminal data.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。One of ordinary skill in the art can understand that all or part of the process of implementing the foregoing embodiments can be completed by a computer program to instruct related hardware, and the program can be stored in a computer readable storage medium. When executed, the flow of an embodiment of the methods as described above may be included. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
以上所揭露的仅为本发明较佳实施例而已,当然不能以此来限定本发明之权利范围,因此依本发明权利要求所作的等同变化,仍属本发明所涵盖的范围。 The above is only the preferred embodiment of the present invention, and the scope of the present invention is not limited thereto, and thus equivalent changes made in the claims of the present invention are still within the scope of the present invention.

Claims (12)

  1. 一种终端的数据保护方法,其特征在于,所述方法包括:A data protection method for a terminal, the method comprising:
    终端通过成像装置获取当前环境的人眼图像;The terminal acquires a human eye image of the current environment through the imaging device;
    根据所述人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息;Obtaining human eye analysis information including iris feature information and eyeball line of sight information according to the human eye image;
    根据预定义的检测规则对所述人眼解析信息进行检测,确定所述终端是否存在数据泄露风险;Detecting the human eye analysis information according to a predefined detection rule, and determining whether the terminal has a data leakage risk;
    若存在所述数据泄露风险,所述终端执行预设的风险消除指令。If there is a risk of the data leakage, the terminal executes a preset risk elimination instruction.
  2. 如权利要求1所述的方法,其特征在于,所述根据所述人眼图像获得包含虹膜特征信息和眼球视线信息的人眼解析信息,包括:The method according to claim 1, wherein the obtaining the human eye analysis information including the iris feature information and the eyeball line of sight information according to the human eye image comprises:
    将所述人眼图像分割为一幅或多幅的眼部图像,每一幅所述眼部图像为包含一只人眼的图像;Dividing the human eye image into one or more eye images, each of the eye images being an image containing one human eye;
    对每一幅所述眼部图像执行虹膜识别算法,得到该幅所述眼部图像的虹膜特征值;Performing an iris recognition algorithm on each of the eye images to obtain an iris feature value of the image of the eye;
    对每一幅所述眼部图像执行视线方向检测算法,得到该幅所述眼部图像的视线偏转值;Performing a line-of-sight direction detection algorithm on each of the eye images to obtain a line-of-sight deflection value of the image of the eye;
    根据所有所述眼部图像的虹膜特征值和视线偏转值获得包含虹膜特征信息和眼球视线信息的人眼解析信息,其中所述虹膜特征信息包含所有所述眼部图像的虹膜特征值,所述眼球视线信息包含所有所述眼部图像的视线偏转值。Obtaining human eye analysis information including iris feature information and eyeball line of sight information according to iris characteristic values and line of sight deflection values of all of the eye images, wherein the iris feature information includes iris feature values of all of the eye images, The eyeball line of sight information includes line of sight deflection values for all of the eye images.
  3. 如权利要求2所述的方法,其特征在于,所述根据预定义的检测规则对所述人眼解析信息进行检测,确定所述终端是否存在数据泄露风险,包括:The method according to claim 2, wherein the detecting the human eye analysis information according to a predefined detection rule to determine whether the terminal has a data leakage risk comprises:
    根据预设的场景识别规则确定所述终端是否处于预设的数据保护场景;Determining, according to a preset scenario identification rule, whether the terminal is in a preset data protection scenario;
    若所述终端处于预设的数据保护场景,则根据所述人眼解析信息确定所述终端是否存在数据泄露风险。 If the terminal is in a preset data protection scenario, determine whether the terminal has a data leakage risk according to the human eye analysis information.
  4. 如权利要求3所述的方法,其特征在于,所述根据预设的场景识别规则确定所述终端是否处于预设的数据保护场景,包括:The method of claim 3, wherein the determining whether the terminal is in a preset data protection scenario according to a preset scenario identification rule comprises:
    若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且所述终端接收到了预设的启用指令,则确定所述终端处于预设的数据保护场景;或If the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the terminal receives the preset enable command, determining that the terminal is in preset data protection Scene; or
    若所述终端接收到了预设的强制启用指令,则确定所述终端处于预设的数据保护场景。If the terminal receives the preset mandatory enable command, it is determined that the terminal is in a preset data protection scenario.
  5. 如权利要求4所述的方法,其特征在于,所述若所述终端处于预设的数据保护场景,则根据所述人眼解析信息确定所述终端是否存在数据泄露风险,包括:The method according to claim 4, wherein if the terminal is in a preset data protection scenario, determining whether the terminal has a data leakage risk according to the human eye analysis information comprises:
    若所述虹膜特征信息中的所有虹膜特征值与预设的授权虹膜特征库的匹配度不小于预设阈值,则确定所述终端不存在数据泄露风险;If the matching degree of all the iris feature values in the iris feature information and the preset authorized iris feature database is not less than a preset threshold, determining that the terminal does not have a data leakage risk;
    若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值不在预设的偏转范围内,则确定所述终端不存在数据泄露风险;If the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the line-of-sight deflection value of the eye image generating the iris feature value is not at a preset deflection Within the scope, it is determined that the terminal does not have a risk of data leakage;
    若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值在预设的偏转范围内,则确定所述终端存在数据泄露风险。If the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the line-of-sight deflection value of the eye image generating the iris feature value is at a preset deflection Within the scope, it is determined that the terminal has a risk of data leakage.
  6. 如权利要求5所述的方法,其特征在于,所述若存在所述数据泄露风险,所述终端执行预设的风险消除指令,包括:The method according to claim 5, wherein the terminal executes the preset risk elimination instruction if the data leakage risk exists, including:
    所述风险消除指令用于包括在所述终端上推送预设的图文信息、熄灭所述终端屏幕、在所述终端上播放预设的语音文件和所述终端产生机身振动在内的至少一种。The risk elimination instruction is configured to include pushing at least preset graphic information on the terminal, extinguishing the terminal screen, playing a preset voice file on the terminal, and generating at least the body vibration by the terminal. One.
  7. 一种终端的数据保护装置,其特征在于,所述装置包括:A data protection device for a terminal, characterized in that the device comprises:
    成像模块,用于通过终端的成像装置获取当前环境的人眼图像;An imaging module, configured to acquire an image of a human eye of a current environment through an imaging device of the terminal;
    解析模块,用于根据所述人眼图像获得包含虹膜特征信息和眼球视线信 息的人眼解析信息;An analysis module, configured to obtain, according to the human eye image, information including iris characteristics and an eyeball line of sight The human eye analyzes the information;
    风险检测模块,用于根据预定义的检测规则对所述人眼解析信息进行检测,确定所述终端是否存在数据泄露风险;a risk detection module, configured to detect the human eye analysis information according to a predefined detection rule, and determine whether the terminal has a data leakage risk;
    风险消除模块,用于若存在所述数据泄露风险,在所述终端上执行预设的风险消除指令。The risk elimination module is configured to execute a preset risk elimination instruction on the terminal if the data leakage risk exists.
  8. 如权利要求7所述的装置,其特征在于,所述解析模块包括:The apparatus of claim 7, wherein the parsing module comprises:
    分割单元,用于将所述人眼图像分割为一幅或多幅的眼部图像,每一幅所述眼部图像为包含一只人眼的图像;a dividing unit, configured to divide the human eye image into one or more eye images, each of the eye images being an image including one human eye;
    虹膜识别单元,用于对每一幅所述眼部图像执行虹膜识别算法,得到该幅所述眼部图像的虹膜特征值;An iris recognition unit configured to perform an iris recognition algorithm on each of the eye images to obtain an iris feature value of the image of the eye;
    视线识别单元,用于对每一幅所述眼部图像执行视线方向检测算法,得到该幅所述眼部图像的视线偏转值;a line-of-sight identifying unit configured to perform a line-of-sight direction detecting algorithm for each of the eye images to obtain a line-of-sight deflection value of the image of the eye group;
    信息组合单元,用于根据所有所述眼部图像的虹膜特征值和视线偏转值获得包含虹膜特征信息和眼球视线信息的人眼解析信息,其中所述虹膜特征信息包含所有所述眼部图像的虹膜特征值,所述眼球视线信息包含所有所述眼部图像的视线偏转值。An information combining unit, configured to obtain human eye analysis information including iris feature information and eyeball line of sight information according to iris feature values and line of sight deflection values of all the eye images, wherein the iris feature information includes all of the eye images An iris feature value, the eyeball line of sight information comprising a line of sight deflection value for all of the eye images.
  9. 如权利要求8所述的装置,其特征在于,所述风险检测模块包括:The device of claim 8 wherein said risk detection module comprises:
    场景确定子模块,用于根据预设的场景识别规则对所述虹膜特征信息进行分析,确定所述终端是否处于预设的数据保护场景;a scene determination sub-module, configured to analyze the iris feature information according to a preset scene recognition rule, to determine whether the terminal is in a preset data protection scenario;
    风险确定子模块,用于若所述终端处于预设的数据保护场景,则根据所述人眼解析信息确定所述终端是否存在数据泄露风险。The risk determination sub-module is configured to determine, according to the human eye analysis information, whether the terminal has a data leakage risk if the terminal is in a preset data protection scenario.
  10. 如权利要求9所述的装置,其特征在于,所述场景确定子模块包括:The device according to claim 9, wherein the scene determination sub-module comprises:
    第一场景确定单元,用于若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且所述终端接收到了预设的启用指令,则确定所述终端处于预设的数据保护场景;a first scene determining unit, configured to determine, if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and the terminal receives the preset enable command The terminal is in a preset data protection scenario;
    第二场景确定单元,用于若所述终端接收到了预设的强制启用指令,则 确定所述终端处于预设的数据保护场景。a second scene determining unit, configured to: if the terminal receives a preset forced enable command, Determining that the terminal is in a preset data protection scenario.
  11. 如权利要求10所述的装置,其特征在于,所述风险确定子模块包括:The device of claim 10, wherein the risk determination sub-module comprises:
    第一确定单元,用于若所述虹膜特征信息中的所有虹膜特征值与预设的授权虹膜特征库的匹配度不小于预设阈值,则确定所述终端不存在数据泄露风险;a first determining unit, configured to determine that the terminal does not have a data leakage risk if the matching degree of all the iris feature values in the iris feature information and the preset authorized iris feature database is not less than a preset threshold;
    第二确定单元,用于若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值不在预设的偏转范围内,则确定所述终端不存在数据泄露风险;a second determining unit, configured to: if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and generate the line of sight of the eye image of the iris feature value If the deflection value is not within the preset deflection range, it is determined that the terminal does not have a data leakage risk;
    第三确定单元,用于若所述虹膜特征信息中的虹膜特征值与预设的授权虹膜特征库的匹配度小于预设阈值,且产生该虹膜特征值的所述眼部图像的所述视线偏转值在预设的偏转范围内,则确定所述终端存在数据泄露风险。a third determining unit, configured to: if the matching degree of the iris feature value in the iris feature information and the preset authorized iris feature database is less than a preset threshold, and generate the line of sight of the eye image of the iris feature value If the deflection value is within a preset deflection range, it is determined that the terminal has a risk of data leakage.
  12. 如权利要求11所述的装置,其特征在于,所述风险消除指令用于包括在所述终端上推送预设的图文信息、熄灭所述终端屏幕、在所述终端上播放预设的语音文件和所述终端产生机身振动在内的至少一种。 The device according to claim 11, wherein the risk elimination instruction is configured to: push preset graphic information on the terminal, extinguish the terminal screen, and play a preset voice on the terminal. The document and the terminal generate at least one of body vibrations.
PCT/CN2015/082337 2015-06-25 2015-06-25 Terminal data protection method and apparatus WO2016206041A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/082337 WO2016206041A1 (en) 2015-06-25 2015-06-25 Terminal data protection method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/082337 WO2016206041A1 (en) 2015-06-25 2015-06-25 Terminal data protection method and apparatus

Publications (1)

Publication Number Publication Date
WO2016206041A1 true WO2016206041A1 (en) 2016-12-29

Family

ID=57584510

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/082337 WO2016206041A1 (en) 2015-06-25 2015-06-25 Terminal data protection method and apparatus

Country Status (1)

Country Link
WO (1) WO2016206041A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108416235A (en) * 2018-03-30 2018-08-17 百度在线网络技术(北京)有限公司 The anti-peeping method, apparatus of display interface, storage medium and terminal device
CN110968889A (en) * 2018-09-30 2020-04-07 中兴通讯股份有限公司 Data protection method, equipment, device and computer storage medium
CN111948366A (en) * 2020-08-13 2020-11-17 湖南交通工程学院 Multifunctional intelligent unmanned water area real-time monitoring platform and monitoring method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103218579A (en) * 2013-03-28 2013-07-24 东莞宇龙通信科技有限公司 Method for preventing content on screen from being peeped, and mobile terminal thereof
CN103402006A (en) * 2013-07-24 2013-11-20 江苏晓山信息产业股份有限公司 Time control-based human eye detection personal screen anti-peep system and method
CN104077517A (en) * 2014-06-30 2014-10-01 惠州Tcl移动通信有限公司 Mobile terminal user mode start method and system based on iris identification
CN104463041A (en) * 2014-11-07 2015-03-25 惠州Tcl移动通信有限公司 Peep prevention method and device for screen

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103218579A (en) * 2013-03-28 2013-07-24 东莞宇龙通信科技有限公司 Method for preventing content on screen from being peeped, and mobile terminal thereof
CN103402006A (en) * 2013-07-24 2013-11-20 江苏晓山信息产业股份有限公司 Time control-based human eye detection personal screen anti-peep system and method
CN104077517A (en) * 2014-06-30 2014-10-01 惠州Tcl移动通信有限公司 Mobile terminal user mode start method and system based on iris identification
CN104463041A (en) * 2014-11-07 2015-03-25 惠州Tcl移动通信有限公司 Peep prevention method and device for screen

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108416235A (en) * 2018-03-30 2018-08-17 百度在线网络技术(北京)有限公司 The anti-peeping method, apparatus of display interface, storage medium and terminal device
CN108416235B (en) * 2018-03-30 2019-08-09 百度在线网络技术(北京)有限公司 The anti-peeping method, apparatus of display interface, storage medium and terminal device
CN110968889A (en) * 2018-09-30 2020-04-07 中兴通讯股份有限公司 Data protection method, equipment, device and computer storage medium
CN111948366A (en) * 2020-08-13 2020-11-17 湖南交通工程学院 Multifunctional intelligent unmanned water area real-time monitoring platform and monitoring method

Similar Documents

Publication Publication Date Title
US9075974B2 (en) Securing information using entity detection
CN109040439B (en) Method and device for realizing privacy protection
US20130188840A1 (en) Liveness detection system based on face behavior
WO2018058373A1 (en) Control method and apparatus for electronic device, and electronic device
WO2017059700A1 (en) Identity authentication method and apparatus
US20150371081A1 (en) Information processing method for electronic device with facial recognition function
CN104885082B (en) The hiding guard method of terminal and data message
CN110998573A (en) Computer-implemented method and computer program product for access control of a terminal
EP3249570B1 (en) Method and device for providing prompt indicating loss of terminal
CN111935349B (en) Terminal-based information display method and device, terminal and storage medium
CN110619239A (en) Application interface processing method and device, storage medium and terminal
WO2017067507A1 (en) Method and device for determining a use permission of an apparatus
WO2016206041A1 (en) Terminal data protection method and apparatus
US11507389B2 (en) Adjusting settings on computing devices based on location
CN106911861A (en) A kind of information displaying method and device based on iris recognition
US20220100989A1 (en) Identifying partially covered objects utilizing machine learning
CN108334761B (en) User authority identification method and device
CN113282364A (en) Display method, display device and electronic equipment
JP2009156948A (en) Display control device, display control method, and display control program
CN111177770B (en) Sensitive information protection method, mobile equipment and storage device
US20150086074A1 (en) Information processing device, information processing method, and program
US11030336B2 (en) Switching method, electronic device, and storage medium
WO2017096566A1 (en) Display method, apparatus and system
US11621863B1 (en) Audio protection in virtual meeting
WO2016082498A1 (en) Method and device for controlling terminal device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15895941

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15895941

Country of ref document: EP

Kind code of ref document: A1